Goto www.webspeedway.com today to learn about their cost-effective IT management solutions for your business.
Vulnerabilities of Interest:
- PHP ‘proc_open()’ ‘safe_mode_protected_env_var’ Restriction-Bypass Vulnerability – PHP is prone to a safe_mode restriction-bypass vulnerability. Successfully exploiting this issue may allow attackers to alter the process environment, which may lead to other attacks. Versions prior to PHP 5.3.1 are vulnerable. To exploit this issue, an attacker can use readily available tools as well exploit code is available in the wild.
- Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities – Postfix is prone to a local privilege-escalation vulnerability and a local information-disclosure vulnerability. Local attackers can exploit this issue to read other users’ mail or execute arbitrary commands with superuser privileges. Versions prior to Postfix 2.5.4 Patchlevel 4 are vulnerable. An attacker uses readily available commands to exploit these issues. Proof-of-concept shell script is available in the wild.
- Apache mod_perl ‘Apache::Status’ and ‘Apache2::Status’ Cross Site Scripting Vulnerability – The Apache ‘mod_perl’ module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URL. Example URL code is available in the wild.
- Ruby ‘OCSP_basic_verify()’ X.509 Certificate Verification Vulnerability – Ruby is prone to an X.509 certificate-verification vulnerability. Exploiting this issue may allow an attacker to have a revoked x.509 certificate accepted as valid. This may allow the attacker to conduct phishing attacks or to impersonate legitimate sites. Other attacks are also possible. Ruby 1.8.7 and 1.9.1 are vulnerable; other versions may also be affected. An attacker may use readily available utilities to carry out this attack.
- MySQL Command Line Client HTML Special Characters HTML Injection Vulnerability – MySQL is prone to an HTML-injection vulnerability because the application’s command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Attackers can use readily available tools to exploit this issue. Example code is available in the wild.
- MySQL ‘sql_parse.cc’ Multiple Format String Vulnerabilities – MySQL is prone to multiple format-string vulnerabilities. Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. MySQL 4.0.0 through 5.0.75 are vulnerable; other versions may also be affected. Proof of concept code is available in the wild.
- Microsoft HTML Help Workshop ‘.hhp’ File Handling Buffer Overflow Vulnerability – Microsoft HTML Help Workshop is prone to a remote buffer-overflow vulnerability. The vulnerability occurs when the application handles a malformed HTML Help Workshop Project (‘.hhp’) file. An attacker may exploit the issue to execute arbitrary code in the context of the application. This vulnerability affects HTML Help Workshop 4.74 and prior versions. Exploit code is available in the wild.
- Dia ‘PySys_SetArgv’ Remote Command Execution Vulnerability – Dia is prone to a remote command-execution vulnerability that could allow an attacker to execute the vulnerable application in a directory containing a malicious Python file by enticing an unsuspecting victim . A successful exploit the execution of Python commands running with the privileges of the currently logged-in user. This attack can be exploited by using commonly available tools. Core Security has developed a working commercial exploit for CORE IMPACT.
Microsoft patched 12 vulnerabilities in Windows, Office and Internet Explorer (IE), including three critical bugs in the company’s newest browser, IE8.Of the 12 flaws fixed in Tuesday’s six security updates, seven were rated “critical,” the highest severity ranking in Microsoft’s four-step scoring system. Four of the remaining flaws were pegged as “important,” one step lower on the scale, while the final vulnerability was labeled “moderate.”MS09-069 :Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
MS09-070 :Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution
MS09-071 :Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
MS09-072 :Cumulative Security Update for Internet Explorer
MS09-073 :Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution
MS09-074 :Vulnerability in Microsoft Office Project Could Allow Remote Code Execution
Security researchers unanimously voted MS09-072, the five-patch update for IE, as the one that demands immediate attention.
News item 2: http://www.kb.cert.org/vuls/id/723308
According to the US Cert, TCP implementations from multiple vendors are vulnerable to malicious or misbehaving connections that indefinitely advertize a zero receive window. RFC 1122 section 184.108.40.206 states that “A TCP MAY keep its offered receive window closed indefinitely. As long as the receiving TCP continues to send acknowledgments in response to the probe segments, the sending TCP MUST allow the connection to stay open.” The TCP connection is open however no data is being transmitted. This “stalled” state is generally referred to as the TCP persist condition.
The company’s move was prompted by a paper published by five German researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), a Darmstadt, Germany-based security company. In the paper, the researchers spelled out multiple attack scenarios criminals could use to access files protected by BitLocker.
BitLocker, which Microsoft debuted in higher-end versions of Windows Vista, is included only in Windows 7 Ultimate and Windows 7 Enterprise , available only to companies and organizations that buy Windows licenses in volume, as well as Windows Server 2008 and Server 2008 R2. The software encrypts disk volumes and locks them with a PIN, USB-based key device or, if the computer includes one, a Trusted Platform Module (TPM) chip.
The Fraunhofer SIT researchers spelled out five attack possibilities, including one where the attacker boots the PC from a flash drive and replaces the BitLocker bootloader with a substitute bootloader that spoofs the PIN request process, then snatches the PIN and saves it to disk or sends it elsewhere using the computer’s wireless connection. Later, the attacker must revisit the PC to use the purloined PIN to access the BitLocker-protected data.
News item 4: http://www.microsoft-watch.com/content/web_services_browser/microsoft_executive_suggests_google_de-listing_a_no-go.html?kc=MWRSS02129TX1K0000535&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+RSS%2FMicrosoftWatch+%28Microsoft+Watch%29
Last week, Microsoft and Rupert Murdoch’s News Corp. were reportedly in talks over an agreement that would see New Corp.’s Websites de-listed from Google search in exchange for payment by Microsoft. Subsequent articles suggested that those initial reports were, in fact, totally overblown.
But the Financial Times, in reporting that original Microsoft-News Corp. story (which relied on unnamed sources allegedly close to the negotiations), also quoted a Web publisher who had apparently been approached by Microsoft about de-indexing from Google in return for cash.
Whether or not you believe that Microsoft would try something like that–it’s not exactly the smartest move, considering that Bing will occupy around 10 percent of the U.S. search-engine market until the Microsoft-Yahoo partnership, which will see Bing powering search on Yahoo’s sites, closes in 2010–an offhand comment during last week’s Bing press conference suggested that Microsoft is likely more focused on growing its own properties than convincing publishers to de-list from the largest search engine currently on the market.
Paying publishers to de-list their content would be a suicidal move for those publishers, at least as far as ad revenue is concerned; and Microsoft, trying to come back after a few quarters of declining revenues, is unlikely to want to blow millions
News item 5: http://cryptome.org
You’ve probably all heard about the leaked TSA Sensitive Screening Doc. We found a copy on Cryptome.org website, if you’re wondering what it says, the “Gawker Guide to Getting Past Airport Security This Holiday Travel Season” article (http://gawker.com/5420989/the-gawker-guide-to-getting-past-airport-security-this-holiday-travel-season) has you covered.
- “Don’t be from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen or Algeria… If you are from Pakistan, move right on ahead!” Presumably Venezuelans also get the red carpet treatment.
- “Pack your ammo carefully…If it’s in your checked luggage, feel free to bring along any ammunition up to .50 caliber.” You should feel safer already.
- “If the airline agent wrote ‘SSSS’ on your ticket, just turn around and go home.” This will save busy terrorists a lot of otherwise wasted time at the airport.
- “Be a minor, Member of Congress, uniformed military member, or all three….who are exempted from special screening even if they’re marked for it.” Unlike your grandmother, none of them could possibly be terrorists.
- “Better yet, be a foreign dignitary in CIA custody” who are “fully exempt from screening….TSA has helpfully presented an example of a CIA ID card. Doesn’t carrying one of these defeat the purpose?” One would suppose, but this is the federal government we’re talking about.
- “If you get caught, just run: TSA officers are instructed not to ‘detain or delay’ anybody they suspect has presented them a fraudulent ID if they’ve already gotten past security.” So while you’re taking off your shoes and submitting to the indignity of having your possessions searched, TSA allows people they suspect of having phony IDs to board the same airplane you’ll be flying on! Incredible!